cloud:azure [2024/03/17 15:48] skipidar
cloud:azure [2024/07/22 20:15] (current) – [IAM and Role Based Access Control] skipidar
Line 22: Line 22:
  
  
-==== Azure function ==== 
  
-=== Azure functions in Azure Portal === +==== Azure Messaging services ====
- +
-The runtime +
-{{https://s3.eu-central-1.amazonaws.com/alf-digital-wiki-pics/sharex/Hgmm9qaqwh.png}} +
- +
- +
-The trigger and code. +
- +
-Only available after uploading the code into the function, via  +
- +
-''az functionapp deployment source config-zip -g $resourceg -n $functionname --src app.zip'' +
- +
-{{https://s3.eu-central-1.amazonaws.com/alf-digital-wiki-pics/sharex/KAkOMqgCRq.png}} +
- +
-The Function URL +
-{{https://s3.eu-central-1.amazonaws.com/alf-digital-wiki-pics/sharex/bYSSoOXd9R.png}} +
- +
-The URL response +
-{{https://s3.eu-central-1.amazonaws.com/alf-digital-wiki-pics/sharex/TRJIKVCUQ4.png}} +
- +
- +
-=== Limitations of Azure functions === +
- +
- +
-   * Azure functions - are NOT only serverless.  +
-     * You can choose a premium subscription and deploy your **Azure function**  as an always running instance into your network +
-     * You CAN'T use a serverless function - in a private network +
-   * You **CAN'T have multiple triggers** for a function. ONly one of +
-     * http_trigger +
-     * Blob trigger +
-     * CosmosDB trigger +
-     * EventHub trigger +
-     * Queue trigger +
-     * ServiceBus Queue trigger +
-     * ServiceBus Topic trigger +
-     * Timer Trigger+
  
 +Intro 
 +https://learn.microsoft.com/en-us/azure/architecture/aws-professional/messaging
  
 +^AWS service ^Azure service ^
 +|Simple Queue Service (SQS) | QUEUE |
 +|Simple Notification Service (SNS) | Service Bus |
 +|Amazon EventBridge | Event Grid |
 +|Amazon Kinesis | Event Hubs |
 +|Amazon MQ | Service Bus |
  
 ==== Azure physical infrastructure ==== ==== Azure physical infrastructure ====
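Review bot: the `QUEUE` cell in the SQS row of the new table names no Azure service, while every other row does (Service Bus, Event Grid, Event Hubs); spell out the service the mapping refers to so the table is unambiguous, e.g. `|Simple Queue Service (SQS) | Queue Storage |` if that is what the linked messaging page intends. Separately, the removed `==== Azure function ====` section (the `az functionapp deployment source config-zip -g $resourceg -n $functionname --src app.zip` deployment command and the trigger/limitations list) is dropped rather than moved; confirm that loss is intended, since the diff keeps no replacement for it.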
Line 138: Line 110:
  
  
 +
 +==== Azure API Management ====
 +
 +
 +=== Policies ===
 +
 +  * Intro https://www.svenmalvik.com/azure-apim-policies/
 +  * Example https://learn.microsoft.com/en-us/azure/api-management/api-management-policies
 +
 +
 +=== Evaluation order ===
 +
 +Policies are **executed sequentially** based on their placement within the policy configuration.
 ==== Network ==== ==== Network ====
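Review bot: the `=== Evaluation order ===` statement is underspecified: "based on their placement within the policy configuration" does not say what placement means (position within one section, or which scope a policy is attached to), so a reader cannot predict the order from it. Either state the rule concretely or link the relevant example from the Microsoft policies page already cited under `=== Policies ===`. The `==== Azure API Management ====` heading also has an empty body before `=== Policies ===`; a one-line intro there would make the section self-contained.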
  
Line 155: Line 140:
 https://learn.microsoft.com/en-us/azure/load-balancer/load-balancer-overview https://learn.microsoft.com/en-us/azure/load-balancer/load-balancer-overview
 {{https://learn.microsoft.com/en-us/azure/load-balancer/media/load-balancer-overview/load-balancer.png}} {{https://learn.microsoft.com/en-us/azure/load-balancer/media/load-balancer-overview/load-balancer.png}}
 +
 +
 +
 +==== Azure Data Ops ====
 +
 +Data Management Landing Zone:
 +
 +{{https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/cloud-scale-analytics/images/data-management-overview.png#lightbox}}
 +
 +Source:
 +https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/cloud-scale-analytics/architectures/data-management-landing-zone
 +
 +
 +
 +2) Data Landing Zone:
 +
 +{{https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/cloud-scale-analytics/images/data-landing-zone-2.png#lightbox}}
 +
 +Source:
 +https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/cloud-scale-analytics/architectures/data-landing-zone
 +
 +
 +
 +==== IAM and Role Based Access Control ====
 +
 +see
 +https://learn.microsoft.com/en-us/training/modules/describe-azure-identity-access-security/6-role-based-access-control
 +
 +{{https://s3.eu-central-1.amazonaws.com/alf-digital-wiki-pics/sharex/vKOYaMe0Ce.png}}
 +
 +
 +Azure Custom Roles:
 +
 +  * https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles#custom-role-example
 +
 +IAM and Role Based Access Control
 +
 +<sxh java>
 +{
 +  "assignableScopes": [
 +    "/"
 +  ],
 +  "description": "Allows for send access to Azure Service Bus resources.",
 +  "id": "/providers/Microsoft.Authorization/roleDefinitions/69a216fc-b8fb-44d8-bc22-1f3c2cd27a39",
 +  "name": "69a216fc-b8fb-44d8-bc22-1f3c2cd27a39",
 +  "permissions": [
 +    {
 +      "actions": [
 +        "Microsoft.ServiceBus/*/queues/read",
 +        "Microsoft.ServiceBus/*/topics/read",
 +        "Microsoft.ServiceBus/*/topics/subscriptions/read"
 +      ],
 +      "notActions": [],
 +      "dataActions": [
 +        "Microsoft.ServiceBus/*/send/action"
 +      ],
 +      "notDataActions": []
 +    }
 +  ],
 +  "roleName": "Azure Service Bus Data Sender",
 +  "roleType": "BuiltInRole",
 +  "type": "Microsoft.Authorization/roleDefinitions"
 +}
 +</sxh>
 +
 +
 +Custom role, which allows to assign roles to Azure API Managers.
 +<sxh java>
 +{
 +  "Name": "APIM Role Assignment Manager",
 +  "IsCustom": true,
 +  "Description": "Allows managing role assignments for Azure API Management",
 +  "Actions": [
 +    "Microsoft.Authorization/*/write",
 +    "Microsoft.Authorization/*/delete"
 +  ],
 +  "NotActions": [],
 +  "DataActions": [],
 +  "NotDataActions": [],
 +  "AssignableScopes": [
 +    "/subscriptions/<subscription-id>/resourceGroups/<resource-group-name>/providers/Microsoft.ApiManagement/service/<apim-service-name>"
 +  ]
 +}
 +</sxh>
 +
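Review bot: the custom role `APIM Role Assignment Manager` is far broader than its description "Allows managing role assignments": `Microsoft.Authorization/*/write` and `Microsoft.Authorization/*/delete` match every resource type under the Authorization provider at the APIM scope, not only role assignments. Since a principal that can write role assignments at a scope can grant any role there, including Owner, this role is effectively full control of the APIM instance and should be cut to the minimum: replace the wildcards with `Microsoft.Authorization/roleAssignments/read`, `Microsoft.Authorization/roleAssignments/write` and `Microsoft.Authorization/roleAssignments/delete`, keep `AssignableScopes` at the single service as it is now rather than widening it, and consider a role-assignment condition that limits which roles the holder may assign. Two smaller points: both blocks hold JSON but are fenced as `<sxh java>`; `<sxh javascript>` is the matching highlighter. And the bare line `IAM and Role Based Access Control` repeats the section heading in front of the first block; replace it with a caption such as "Built-in role example: Azure Service Bus Data Sender" so the built-in and custom blocks are distinguishable.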
cloud/azure.1710690506.txt.gz · Last modified: by skipidar